syzbot

 sign-in | mailing list | source | docs
🐞 Open [1037] Subsystems 🐞 Fixed [5252] 🐞 Invalid [12580] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in io_submit_sqes / io_uring_poll (6)

Status: auto-obsoleted due to no activity on 2023/12/25 00:08
Subsystems: io-uring
[Documentation on labels]
Reported-by: syzbot+0a9cd8e24b280b505a7b@syzkaller.appspotmail.com
First crash: 176d, last: 176d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in io_submit_sqes / io_uring_poll (2) fs 1 1218d 1218d 0/26 auto-closed as invalid on 2021/02/08 06:39
upstream KCSAN: data-race in io_submit_sqes / io_uring_poll (3) fs 55 895d 973d 0/26 auto-closed as invalid on 2021/12/27 08:47
upstream KCSAN: data-race in io_submit_sqes / io_uring_poll (7) io-uring 1 19d 19d 0/26 moderation: reported on 2024/04/16 11:08
upstream KCSAN: data-race in io_submit_sqes / io_uring_poll fs 2 1319d 1345d 0/26 auto-closed as invalid on 2020/10/29 16:22
upstream KCSAN: data-race in io_submit_sqes / io_uring_poll (5) io-uring 21 377d 565d 0/26 auto-obsoleted due to no activity on 2023/05/30 00:18
upstream KCSAN: data-race in io_submit_sqes / io_uring_poll (4) io-uring 123 617d 783d 0/26 auto-obsoleted due to no activity on 2022/10/01 12:19

Sample crash report:
==================================================================
BUG: KCSAN: data-race in io_submit_sqes / io_uring_poll

read-write to 0xffff888103e9f870 of 4 bytes by task 17125 on cpu 1:
 io_get_sqe io_uring/io_uring.c:2385 [inline]
 io_submit_sqes+0x242/0x1060 io_uring/io_uring.c:2436
 __do_sys_io_uring_enter io_uring/io_uring.c:3709 [inline]
 __se_sys_io_uring_enter+0x1eb/0x1b70 io_uring/io_uring.c:3643
 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3643
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

read to 0xffff888103e9f870 of 4 bytes by task 17248 on cpu 0:
 io_sqring_full io_uring/io_uring.h:256 [inline]
 io_uring_poll+0xcd/0x190 io_uring/io_uring.c:3016
 vfs_poll include/linux/poll.h:88 [inline]
 do_pollfd fs/select.c:873 [inline]
 do_poll fs/select.c:921 [inline]
 do_sys_poll+0x636/0xc00 fs/select.c:1015
 __do_sys_ppoll fs/select.c:1121 [inline]
 __se_sys_ppoll+0x1af/0x1f0 fs/select.c:1101
 __x64_sys_ppoll+0x67/0x80 fs/select.c:1101
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x00004fc0 -> 0x00004fc6

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 17248 Comm: syz-executor.5 Tainted: G        W          6.6.0-syzkaller-16176-g1b907d050735 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/12 03:47 upstream 1b907d050735 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in io_submit_sqes / io_uring_poll
* Struck through repros no longer work on HEAD.